Cryptography Reference
In-Depth Information
*
q
*
q
Encrypt : Every L -sensor selects random integers
t Î , where t is the ses-
sion key. The L -sensors then encrypt the session key as shown below:
w Î and
w
CwQaP
=+
(
) and
C t
Hg
(
)
(5.6)
1
i
2
2
The cipher texts C 1 and C 2 are then sent to their respective H -sensor nodes.
Decrypt : On receiving the encrypted message, each L -sensor decrypts the session key
as shown below:
C
(5.7)
t
=
HedC
(( ,
))
Å
2
i
1
2
Using the bilinear property, the equation
æ
ö ÷
w
sa
ç
÷
ç
+
w
w
=
+
=
=
ed C
(, )
e P Q
(
aP
)
÷
ePP
(,)
g
ç
i
÷
i
1
ç
i
÷ ÷
ç è
ø
In this model, broadcast authentication is achieved using the Elliptic Curve Digital
Signature Algorithm (ECDSA). Because only the H -sensor nodes are in possession of
their private keys ( d i ), the retrieval of session key ( t ) by these nodes provides a means of
implicit authentication between L -sensors and their respective H -sensors. If an H -sensor
node receives a request from an L -sensor node whose node ID is not preloaded, the
H -sensor would contact the sink node for further verification of the L -sensor's node
ID. In addition, periodic update of node IDs between the sink node and H -sensors is
carried out to prevent intruders.
5.4 Revocation
Revocation is discussed in detail in Chapter 6 (Identity-Based Key Distribution in
Wireless Sensor Networks). To revoke a compromised sensor node in WSN, the sink
node or cluster head will simply send an authenticated broadcast message. This revoked
message will contain the identity of the compromised node. Hereafter, if any node in
the network receives a message signed by the compromised node, it would just reject
the message and not waste its energy in verifying the message's authenticity. In this
case, it is assumed that the adversary is capable of compromising a few sensor nodes in
the network. However, if most of the nodes are compromised, it could lead to a com-
plete downfall of the security system.
5.5 User Authentication
To interact with sensor nodes directly, end users should first register with the sink
node or base station and obtain their respective private keys and system parameters.
Search WWH ::




Custom Search